[PATCH] cdrom hardware defect mgt header length

From: Jens Axboe <axboe@suse.de>

cdrom_has_defect_mgt() has the same ->data_len bug - the length field is
not total length, but the length following that field.  So it should be +
4, not + 8.  However, just kill the length check.  Comparison of
feature_code provides enough check.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

drivers/cdrom/cdrom.c

@@ -671,28 +671,24 @@ int cdrom_has_defect_mgt(struct cdrom_device_info *cdi)
 {
 	struct packet_command cgc;
 	char buffer[16];
-	struct feature_header *fh;
 	__u16 *feature_code;
 	int ret;
 
 	init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ);
 
-	cgc.cmd[0] = GPCMD_GET_CONFIGURATION;	/* often 0x46 */
-	cgc.cmd[3] = CDF_HWDM;			/* often 0x0024 */
-	cgc.cmd[8] = sizeof(buffer);		/* often 0x10 */
+	cgc.cmd[0] = GPCMD_GET_CONFIGURATION;
+	cgc.cmd[3] = CDF_HWDM;
+	cgc.cmd[8] = sizeof(buffer);
 	cgc.quiet = 1;
 
 	if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
 		return ret;
 
-	fh = (struct feature_header *)&buffer[0];
-	ret = 1;
-	if (be32_to_cpu(fh->data_len) >= (sizeof(struct feature_header)+8)) {
-		feature_code = (__u16 *)&buffer[sizeof(struct feature_header)];
-		if (CDF_HWDM == be16_to_cpu(*feature_code))
-			ret = 0;
-	}
-	return ret;
+	feature_code = (__u16 *) &buffer[sizeof(struct feature_header)];
+	if (be16_to_cpu(*feature_code) == CDF_HWDM)
+		return 0;
+
+	return 1;
 }